search for: mac_mls

...CP server with IPSEC and MAC support, the server innevitably crack. Because the m_pkthdr of some mbuf is mangled by unknown reasons. Following is my kernel configuration: options MAC options MAC_DEBUG options UFS_EXTATTR options UFS_EXTATTR_AUTOSTART options MAC_MLS # uncomment to put sebsd to kernel, but better to options IPSEC options IPSEC_ESP options IPSEC_DEBUG Following is the kernel dump backtrace: #0 0xc0668f0b in kdb_enter (msg=0x12 <Address 0x12 out of bounds>) at cpufunc.h:60 #1 0xc06509ab in panic (fmt=0xc08e6470...

Hello, I've been looking at the different MAC modules available and how they cold help to implement a less insecure than usual shared hosting web server. I've not been able to come up with a suitable configuration, looking at mac_bsdextended, mac_biba and mac_mls, but I think that a MAC module with the following policies could be very useful for such an environment. Have I missed anything? Has something similar been done? The module would (roughly) work as follows: Defining security levels in a similar way to mac_mls or mac_biba, we define a range of...

...> ping 192.168.65.100 PING 192.168.65.100 (192.168.65.100): 56 data bytes ping: sendto: Permission denied ping: sendto: Permission denied ping: sendto: Permission denied ^C --- 192.168.65.100 ping statistics --- 3 packets transmitted, 0 packets received, 100% packet loss On the other side, when mac_mls is loaded, networking works, but starting X server fails with message "Couldn't mmap /dev/vga" (I don't see /dev/vga device regardless of MAC policy loaded) Is it normal, or is something wrong ? Is any additional documentation about MAC available, more than papers at http://www....

...tpmac mls/low echo "Low" >> file_mls_127.txt $ setpmac mls/high more file_mls_127.txt Message High 128 127 126 Low All writes above succeeded. Should policy allow command ran as mls/high and mls/128 to write to a file with mls/127 ? Does it conform to *-property (no write down) ? mac_mls(4) says: "Subjects may not write to objects with a lower classification level than its own clearance level" Am I making some obvious mistake ? Thanks in advance for any help. Regards, Jarek

...UMMYNET #options BRIDGE options QUOTA options _KPOSIX_PRIORITY_SCHEDULING options P1003_1B_SEMAPHORES #options MAC #options MAC_BIBA #options MAC_BSDEXTENDED #options MAC_DEBUG #options MAC_IFOFF #options MAC_LOMAC #options MAC_MLS #options MAC_NONE #options MAC_PARTITION #options MAC_SEEOTHERUIDS #options MAC_TEST options KBD_INSTALL_CDEV # install a CDEV entry in /dev device isa #options AUTO_EOI_1 device pci device agp # Floppy drives device fdc # SCSI Controllers device sym...